From 5c1d5a3a5c99b2da85e553bf111cb4bd27d6c186 Mon Sep 17 00:00:00 2001
From: Ethan Paul <e@enp.one>
Date: Tue, 17 Mar 2020 22:49:57 -0400
Subject: [PATCH] Setup configure-auth playbook to deploy authentication
 parameters

---
 playbooks/configure-auth.yml | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/playbooks/configure-auth.yml b/playbooks/configure-auth.yml
index 64154de..57d29d1 100644
--- a/playbooks/configure-auth.yml
+++ b/playbooks/configure-auth.yml
@@ -1,14 +1,12 @@
 ---
-- name: Configure local users
-  hosts: all:!network
-  tags:
-    - auth
-    - ssh
-    - users
+- import_playbook: meta.yml
+
+- name: Configure system authentication
+  hosts: all
   roles:
     - role: sshd
   tasks:
-    - import_tasks: tasks/preprocess-local-users.yml
+    - import_tasks: tasks/preprocess-users.yml
 
     - name: Create local user accounts
       tags: users_create
@@ -18,7 +16,7 @@
           group:
             name: "{{ item }}"
             state: present
-          loop: "{{ local_targets + ['omni'] }}"
+          loop: "{{ omni_local_targets + ['omni'] }}"
 
         - name: Load user passwords
           include_vars:
@@ -29,19 +27,19 @@
             name: "{{ item.name }}"
             comment: "{{ item.fullname | default('') }}"
             shell: /bin/bash
-            groups: "{{ item.targets | intersect(local_targets) + ['omni'] }}"
-            system: "{{ item.svc | default(False) }}"
+            groups: "{{ item.targets | intersect(omni_local_targets) + ['omni'] }}"
+            system: "{{ item.svc | default(false) }}"
             state: present
             generate_ssh_key: false
-            password: "{{ users_secrets[item.name] }}"
-          loop: "{{ users_local }}"
+            password: "{{ omni_users_secrets[item.name] }}"
+          loop: "{{ _users_local }}"
 
     - name: Delete removed user accounts
       become: true
       user:
         name: "{{ item }}"
         state: absent
-      loop: "{{ users_local_removed | default([]) | difference(protected_users) }}"
+      loop: "{{ _users_local_removed | default([]) | difference(omni_protected_users) }}"
 
     - name: Grant sudo permissions to admin user accounts
       become: true
@@ -49,7 +47,7 @@
         name: "{{ item.name }}"
         groups: "{{ 'wheel' if ansible_os_family | lower == 'redhat' else 'sudo' }}"
         state: present
-      loop: "{{ users_local_admin }}"
+      loop: "{{ _users_local_admin }}"
 
     - name: Disable sudo password for ansible
       become: true
@@ -66,8 +64,8 @@
         path: /etc/sudoers.d/40-admin
         line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
         mode: 0644
-        state: "{{ 'present' if disable_sudo_password | bool == true else 'absent' }}"
-      loop: "{{ users_local_admin }}"
+        state: "{{ 'present' if omni_disable_sudo_password | default(false) | bool == true else 'absent' }}"
+      loop: "{{ _users_local_admin }}"
 
     - name: Ensure proper ownership of user home directories
       become: true
@@ -77,4 +75,6 @@
         path: /home/{{ item.name }}
         recurse: true
         state: directory
-      loop: "{{ users_local }}"
+      loop: "{{ _users_local }}"
+
+    - import_tasks: tasks/deploy-ssh-keys.yml